[Cfrg] proposal for informational RFC

"Catherine A. Meadows" <meadows@itd.nrl.navy.mil> Thu, 08 August 2002 16:25 UTC

Received: from optimus.ietf.org (ietf.org [] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA18303 for <cfrg-archive@odin.ietf.org>; Thu, 8 Aug 2002 12:25:58 -0400 (EDT)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id MAA13793 for cfrg-archive@odin.ietf.org; Thu, 8 Aug 2002 12:27:13 -0400 (EDT)
Received: from optimus.ietf.org (localhost []) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id MAA13774; Thu, 8 Aug 2002 12:27:05 -0400 (EDT)
Received: from ietf.org (odin []) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id MAA13749 for <cfrg@optimus.ietf.org>; Thu, 8 Aug 2002 12:27:04 -0400 (EDT)
Received: from itd.nrl.navy.mil (s2.itd.nrl.navy.mil []) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA18296 for <cfrg@ietf.org>; Thu, 8 Aug 2002 12:25:49 -0400 (EDT)
Received: from smtp.itd.nrl.navy.mil (smtp.itd.nrl.navy.mil []) by itd.nrl.navy.mil (8.8.8+Sun/8.8.8) with SMTP id MAA08685 for <cfrg@ietf.org>; Thu, 8 Aug 2002 12:26:23 -0400 (EDT)
Received: from itd.nrl.navy.mil ([]) by smtp.itd.nrl.navy.mil (NAVGW with SMTP id M2002080812262331949 for <cfrg@ietf.org>; Thu, 08 Aug 2002 12:26:23 -0400
Received: from liverwurst.fw5540.net (liverwurst []) by itd.nrl.navy.mil (8.9.0/8.9.0) with ESMTP id MAA15848; Thu, 8 Aug 2002 12:26:20 -0400 (EDT)
From: "Catherine A. Meadows" <meadows@itd.nrl.navy.mil>
Received: (from meadows@localhost) by liverwurst.fw5540.net (8.9.0/8.8.8) id MAA16025; Thu, 8 Aug 2002 12:26:20 -0400 (EDT)
Date: Thu, 8 Aug 2002 12:26:20 -0400 (EDT)
Message-Id: <200208081626.MAA16025@liverwurst.fw5540.net>
To: cfrg@ietf.org
Cc: meadows@itd.nrl.navy.mil
X-Sun-Charset: US-ASCII
Subject: [Cfrg] proposal for informational RFC
Sender: cfrg-admin@ietf.org
Errors-To: cfrg-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: Crypto Forum Research Group <cfrg.ietf.org>
X-BeenThere: cfrg@ietf.org

Hi everybody:

I've been working with the IETF for a number of years, performing
mechanized security analyses of various IETF protocols, including
IKE and GDOI, and am presently engaged in an analysis of IKEv2.
A while back, when I was starting work on the GDOI protocol, I gave
an informal talk to the SMuG working group on what a security analyst
would like to see in an Internet Draft, that is what information
should be included to make a meaningful security analysis possible.
This was mainly intended to describe the type of information I need
to perform the sort of mechanized protocol analysis that I and
other formal methods people do, in which we assume that the
basic cryptographic mechanisms behave as black boxes and look
for higher-level attacks, but the requirements are general enough
so that I think that they would apply to any kind of security
analysis, including a cryptographic one.

I've had some interest from various WGs in seeing the slides from this
talk, and I've been passing them around on an informal basis.  But
I've been intending to write this up in a more permament form, possibly
as an informational RFC.  It has occurred to me that cfrg might be the
most appropriate forum for this, especially since it would allow
me to get feedback from others who have done security analyses of IETF

Anyway, let me know what you think.
Would you be interested in seeing something like this?  Does cfrg look
like an appropriate forum?


Cfrg mailing list